Close

Enterprise Grade Security

AICPA SOC

SOC2 Type II Compliant

Halp currently holds a report on compliance for the SOC2 Type II standard which includes an audit by a third-party and our philosophy and approach for information security management, risk assessment, and third-party risks. For more information and to get a copy of the report, please email security@halp.com

AICPA SOC

GDPR & CCPA Compliant

The General Data Protection Regulation (GDPR) is a comprehensive European Union privacy regulation that gives EU citizens and other individuals in the EU authority over their own personal data. The GDPR seeks to harmonize existing data protection laws across Europe and standardize data protection rules. GDPR is a major step forward in protecting privacy rights.

Data Security Features

Checkmark icon

Robust Data Encryption

All data is encrypted at rest with full disk encryption using industry standard AES-256 bit encryption. We rotate our keys annually. Our application is hosted and managed by Amazon Web Services, which complies with the strictest security standards, including ISO 27001, SOC 3, PCI DSS Level 1, and MTCS Level 3. All data in transit is sent over TLS v1.2.

Checkmark icon

Secure Authentication

‍When connecting to Slack, Microsoft Teams, Zendesk, and Jira, we adhere to OAuth 2.0. OAuth is the industry standard for authorizing secure access to external applications without providing them with your password. Halp does not store any passwords and you can revoke OAuth tokens at any time.

Checkmark icon

Privacy and Visibility

Access to ticket information is limited based on a user's role. End users can see tickets they create or follow, and agents can see tickets for the queues where they are a member. Queue membership is synced with your chat platform, to provide seamless user management and authorization controls without extra layers of settings.

Checkmark icon

Secure Software Development Lifecycle

Halp's Software Engineering team obsesses over security. We follow OWASP secure coding practices. Every pull request is reviewed for possible attack vectors and vulnerabilities. We evaluate every vendor to ensure that they are GDPR compliant and use industry standard security principles.

Checkmark icon

Internal Policies and Penetration Testing

Our team follows a comprehensive set of security policies that includes a strict adherence to breach disclosures, business continuity plans, and an extensive incident management policy. We background check all employees and enforce a security training program. We complete annual 3rd party penetration testing with independent contractors.

Checkmark icon

Industry Standard Vendors

Halp uses industry standard vendors when appropriate. We use Stripe to handle credit card and ACH payments. We use AWS S3 for file storage.

Have more questions?

Contact security@halp.com to request access to our SOC2 report, our most recent 3rd party audit report, or a full list of our vendors and sub-processors.

Bring conversational ticketing to your team today

Not a Slack admin? Test our Sandbox